Hello,
I'm trying to use the Fortigate REST API to add various objets on our 1500D. It works quite fine except for adding new firewall policies. The firewall throws a 405 error when posting (POST) a request on this API URL (/api/v2/cmdb/firewall/policy/?vdom=VDOMNAME)
Here are the details :
JSON request :
{
'action': 'accept',
'srcintf':[
{
'name':'IFNAME02',
}
],
'dstintf':[
{
'name':'IFNAME01',
}
],
'srcaddr':[
{
'name':'all',
}
],
'dstaddr':[
{
'name':'all',
}
],
'service':[
{
'name':'ALL',
}
],
'status':'enable',
'schedule':'always',
'nat':'disable',
'logtraffic':'utm',
}
And the error :
405 Method Not Allowed
If I remove the parameter "action" in my JSON data, the policy is created but with a default deny value, which is not what I want.
Any ideas ?
Regards.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Hello,
If it can help someone, I've found the error cause in the FortiOS 5.4 REST API Reference Guide. Here are the explaination from the guide :
Limitation If the body data has the same name as some reserved URL parameters, such as name, path, or action, the request would fail due to the conflict. For example, firewall policy has 'name' and 'action' attribute which conflict with the reserved URL parameter 'name' and 'action'. POST/PUT with normal method would fail with 405 error. A workaround is to enclosed all object data in a 'json' keyword so the API can correctly identify object data.
This would work :
{'json':{'name':"test_policy", 'srcintf': [{"name":"port1"}], 'dstintf': [{"name":"port2"}],'srcaddr': [{"name":"all"}], 'dstaddr': [{"name":"all"}],'action':"accept",'status': "enable",'schedule':"always",'service':[{'name':"ALL"}], 'nat':"disable"}}
Regards.
That goods new news and glad you found out the issue. I alway like to get exit policy for the structure and craft the right json attribute keyvalue and add { POST } items . It can be challenging modifying items also, so I would test the right syntax when you make modifications. Here's a post on what I just wrote up on my blog, and forum user contacted me about some API issues a few months and I decided to write a small snippet on it.
http://socpuppet.blogspot...api-to-add-delete.html
PCNSE
NSE
StrongSwan
hi, can show me your python code ?
I creat a address objects return 403 error using rest api
thanks!!
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1731 | |
1105 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.